
letsencrypt: Use maintained Hurricane Electric certbot plugin #3856

Draft: wants to merge 5 commits into base: master
Conversation

@kyledepasquale kyledepasquale commented Dec 9, 2024

The currently used Hurricane Electric Certbot plugin hasn't been updated since 2019 and has a bug preventing it from validating subdomains from Hurricane Electric.

This updates the Letsencrypt addon to use a currently-updated Hurricane Electric certbot plugin.

Summary by CodeRabbit

  • New Features
    • Added a new DNS provider, "dns-mijn-host," for certificate generation.
    • Updated changelog to include version 5.2.11 with enhancements and fixes.
  • Bug Fixes
    • Documented various improvements related to DNS support and dependency updates.
  • Chores
    • Updated version number in configuration files and Dockerfile for consistency.
    • Renamed variables for the Hurricane Electric DNS plugin to reflect new naming conventions.

The old plugin hasn't been updated since 2019. A newer plugin has been much more recently maintained and should be used instead, as this fixes several bugs.

@home-assistant home-assistant bot left a comment


Hi @kyledepasquale

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

@home-assistant home-assistant bot marked this pull request as draft December 9, 2024 22:29

home-assistant bot commented Dec 9, 2024

Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍

Learn more about our pull request process.


coderabbitai bot commented Dec 9, 2024

📝 Walkthrough

The changes include updates to the CHANGELOG.md, Dockerfile, build.yaml, config.yaml, and related scripts in the letsencrypt project. A new version entry, 5.2.11, has been added to the changelog, noting the adoption of a maintained Hurricane Electric DNS plugin and a required change in the provider name. The Dockerfile and build.yaml have modifications in the naming of the Hurricane Electric DNS plugin variable. The version number in the config.yaml has been incremented to 5.2.11, and variable names in the scripts have been updated for clarity.

Changes

| File | Change Summary |
| --- | --- |
| letsencrypt/CHANGELOG.md | Added new version entry `## 5.2.11`, detailing updates including the use of a maintained Hurricane Electric plugin. |
| letsencrypt/Dockerfile | Updated ARG from `CERTBOT_DNS_HE_VERSION` to `CERTBOT_DNS_HURRICANE_ELECTRIC_VERSION`; changed package installation from `certbot-dns-he` to `certbot-dns-hurricane-electric`. |
| letsencrypt/build.yaml | Renamed variable from `CERTBOT_DNS_HE_VERSION: 1.0.0` to `CERTBOT_DNS_HURRICANE_ELECTRIC_VERSION: 0.1.0`. |
| letsencrypt/config.yaml | Updated version from 5.2.10 to 5.2.11; updated schema entry from `dns-he` to `dns-hurricane_electric`. |
| letsencrypt/rootfs/etc/cont-init.d/file-structure.sh | Renamed variables: `dns_he_user` to `dns_hurricane_electric_user`, `dns_he_pass` to `dns_hurricane_electric_pass`. |
| letsencrypt/rootfs/etc/services.d/lets-encrypt/run | Renamed DNS provider from `dns-he` to `dns-hurricane_electric`; added new DNS provider `dns-mijn-host`. |


@agners agners left a comment


Thanks for your PR!

You also have to adjust the DNS provider name: currently dns-he is used; this would need to change to dns-hurricane_electric looking at the readme at https://github.com/studioeng/certbot-dns-hurricane-electric. I'd suggest just setting DNS_PROVIDER=dns-hurricane_electric on line 247, so the current settings remain backwards compatible.

It seems that the new library uses different keys in the configuration files (dns_hurricane_electric_user instead of dns_he_user and dns_hurricane_electric_pass instead of dns_he_pass).

We currently use he_user and he_pass in the add-on config, for backwards compatibility we should leave those as is.

@home-assistant home-assistant bot marked this pull request as draft December 11, 2024 12:47
@kyledepasquale kyledepasquale (Author) commented


Appreciate the feedback! I believe I've incorporated the required changes - let me know if there's anything else amiss.

@kyledepasquale kyledepasquale marked this pull request as ready for review December 13, 2024 16:35
@home-assistant home-assistant bot requested a review from agners December 13, 2024 16:35

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)
letsencrypt/rootfs/etc/services.d/lets-encrypt/run (1)

248-251: LGTM! Consider adding a deprecation notice.

The changes correctly implement the new Hurricane Electric DNS provider while maintaining backwards compatibility. The implementation follows the same pattern as other DNS providers in the file.

Consider adding a comment indicating that the dns.he_* configuration keys are deprecated in favor of dns.hurricane_electric_* to help users transition to the new naming scheme in the future.

 # Hurricane Electric
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-hurricane_electric" ]; then
+    # TODO: The dns.he_* config keys are deprecated and will be replaced with dns.hurricane_electric_* in a future release
     bashio::config.require 'dns.he_user'
     bashio::config.require 'dns.he_pass'
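Review bot: The proposed TODO text declares the dns.he_* options deprecated, but the maintainer review above asks to keep he_user and he_pass in the add-on config for backwards compatibility; what changes is only the key names inside the credentials file the new plugin reads (dns_hurricane_electric_user and dns_hurricane_electric_pass, mapped in file-structure.sh). A comment here should say that the he_* options are translated to the plugin's credential keys, not that they are going away.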
📥 Commits

Reviewing files that changed from the base of the PR and between 781cc40 and ba469fc.

📒 Files selected for processing (5)
  • letsencrypt/CHANGELOG.md (1 hunks)
  • letsencrypt/build.yaml (1 hunks)
  • letsencrypt/config.yaml (2 hunks)
  • letsencrypt/rootfs/etc/cont-init.d/file-structure.sh (1 hunks)
  • letsencrypt/rootfs/etc/services.d/lets-encrypt/run (3 hunks)
🔇 Additional comments (1)
letsencrypt/rootfs/etc/cont-init.d/file-structure.sh (1)

77-78: LGTM! Well-handled backwards compatibility.

The changes correctly map the old configuration keys (dns.he_user and dns.he_pass) to the new variable names (dns_hurricane_electric_user and dns_hurricane_electric_pass) required by the updated plugin, ensuring a smooth transition for existing users.


@agners agners left a comment


With these changes, the add-on should remain backwards compatible. It also avoids introducing dns-hurricane_electric as provider, which would be the only one with an underline and be a bit of an odd-ball.

## 5.2.11

- Use a newer, maintained Hurricane Electric plugin.
- Note that this requires the provider name to be updated from dns-he to dns-hurricane_electric

I don't think that this is strictly necessary. So with the following changes, we can make this backwards compatible.

Suggested change
- Note that this requires the provider name to be updated from dns-he to dns-hurricane_electric

@@ -109,7 +109,7 @@ schema:
dns-hetzner|dns-infomaniak|dns-ionos|dns-joker|dns-linode|dns-loopia|dns-luadns|\
dns-mijn-host|dns-njalla|dns-nsone|dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|\
dns-sakuracloud|dns-namecheap|dns-netcup|dns-simply|dns-gandi|dns-transip|dns-inwx|\
dns-dreamhost|dns-he|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|\
dns-dreamhost|dns-hurricane_electric|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|\
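Review bot: Swapping dns-he for dns-hurricane_electric in the schema alternation means every existing configuration that sets dns_provider: dns-he stops validating against the add-on schema, which contradicts the backwards compatibility the PR description promises. Keep dns-he in the accepted list (the suggested change below does exactly that) and perform the rename to the plugin name inside the run script instead.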

Leave this as is.

Suggested change
dns-dreamhost|dns-hurricane_electric|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|\
dns-dreamhost|dns-he|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|\

@@ -245,7 +245,7 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-dreamhost" ]; th
PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-dreamhost-credentials" "/data/dnsapikey")

# Hurricane Electric
elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-he" ]; then
elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-hurricane_electric" ]; then
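Review bot: Changing the comparison to dns-hurricane_electric means a user who still has dns_provider: dns-he falls through every elif branch in this chain and reaches certbot with no authenticator arguments at all. Keep matching on dns-he here, as the suggestion below does, and set the plugin name explicitly when building PROVIDER_ARGUMENTS so that old configurations keep working.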

Same here, pretend we are DNS provider dns-he:

Suggested change
elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-hurricane_electric" ]; then
elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-he" ]; then

@@ -245,7 +245,7 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-dreamhost" ]; th
PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-dreamhost-credentials" "/data/dnsapikey")

# Hurricane Electric
elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-he" ]; then
elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-hurricane_electric" ]; then
bashio::config.require 'dns.he_user'
bashio::config.require 'dns.he_pass'
PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
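Review bot: Deriving the option prefix from "${DNS_PROVIDER}" couples certbot's flag names to the user-facing provider string; once this branch matches dns-he for compatibility, the line would emit --dns-he-credentials and --dns-he-propagation-seconds, which the new plugin does not register, so certbot would reject them. Use the literal plugin name for --authenticator and for both --dns-hurricane_electric-* options (the suggestion below), independent of which provider value the user configured.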

But then, explicitly use dns-hurricane_electric as authenticator and for the plug-in specific arguments.

Suggested change
PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
PROVIDER_ARGUMENTS+=("--authenticator" "dns-hurricane_electric" "--dns-hurricane_electric-credentials" "/data/dnsapikey" "--dns-hurricane_electric-propagation-seconds" "${PROPAGATION_SECONDS}")
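As an added example, not the add-on's own code, this models the backwards-compatible approach discussed in this thread: the user-facing provider name dns-he and the he_user/he_pass options are kept, and the translation to the new plugin's name and credential keys happens only where certbot is invoked and where the credentials file is written. The function names, the CONFIG_* stand-ins for bashio::config and the sample values are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not the add-on's own code: keeps the user-facing provider
# name "dns-he" and the he_user/he_pass options, and translates them to the
# new certbot plugin's name and credential keys at the certbot boundary.
# Function names and the CONFIG_* stand-ins for bashio::config are constructed.

# Constructed sample input standing in for the add-on options.
CONFIG_DNS_PROVIDER="dns-he"
CONFIG_HE_USER="example-user"
CONFIG_HE_PASS="example-pass"
PROPAGATION_SECONDS=60

# Map the configured provider name to the installed certbot plugin name.
# Only Hurricane Electric differs; every other provider maps to itself.
plugin_for_provider() {
  case "$1" in
    dns-he) echo "dns-hurricane_electric" ;;
    *)      echo "$1" ;;
  esac
}

# Build certbot's authenticator arguments, one per line. The --<plugin>-*
# flags must use the plugin name: certbot only accepts flags registered by
# an installed plugin, so "--dns-he-credentials" fails once certbot-dns-he
# is no longer installed.
build_provider_arguments() {
  local plugin
  plugin="$(plugin_for_provider "$1")"
  printf '%s\n' \
    "--authenticator" "$plugin" \
    "--${plugin}-credentials" "/data/dnsapikey" \
    "--${plugin}-propagation-seconds" "$PROPAGATION_SECONDS"
}

# Write the credentials file with the keys the new plugin reads
# (dns_hurricane_electric_user/pass), filled from the unchanged he_user and
# he_pass options. Returns 1 if either option is missing, mirroring
# bashio::config.require in the run script.
write_he_credentials() {
  local out="$1"
  [ -n "$CONFIG_HE_USER" ] && [ -n "$CONFIG_HE_PASS" ] || return 1
  # umask in a subshell: the file is created 0600 without changing the caller
  ( umask 077
    printf 'dns_hurricane_electric_user = %s\ndns_hurricane_electric_pass = %s\n' \
      "$CONFIG_HE_USER" "$CONFIG_HE_PASS" > "$out" )
}
```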

@home-assistant home-assistant bot marked this pull request as draft January 14, 2025 10:56
@agners agners changed the title Use currently-maintained Hurricane Electric certbot plugin letsencrypt: Use maintained Hurricane Electric certbot plugin Jan 14, 2025